
How to configure security to allow swagger url to be accessed only with authentication in nodejs

I have integrated Swagger in Node and it is accessible at http://localhost:3002/api-docs. But the Swagger UI is publicly accessible. I want to add authentication/security to access this route. When a user hits http://localhost:3002/api-docs, it should show a popup/prompt to enter a username/password. Only if the username and password are correct should the user be able to see the Swagger UI.

Possibly like what is seen in the screenshot below.

I am using swagger-ui-express, and this is the code that I'm using:

import swaggerUi from 'swagger-ui-express';
import * as swaggerDocument from './swagger.json' 

....
....

app.use("/api-docs",swaggerUi.serve,swaggerUi.setup(swaggerDocument));


I searched on the internet but didn't get any solution. I found one solution, but that is in Spring.

Thanks in advance !!

Shivam Kubde asked Nov 19 '20 14:11


People also ask

How do I add security to swagger?

After you have defined the security schemes in the securitySchemes section, you can apply them to the whole API or individual operations by adding the security section on the root level or operation level, respectively.

How do I enable basic authentication in swagger UI?

Basic authentication is easy to define. In the global securityDefinitions section, add an entry with type: basic and an arbitrary name (in this example - basicAuth). Then, apply security to the whole API or specific operations by using the security section.

How do I protect my swagger API?

Password protection. So first let's protect the Swagger UI with HTTP basic auth requiring visitors to enter a username and password to access /docs or /docs-json . This can easily be done by implementing express-basic-auth, a simple plug & play HTTP basic auth middleware for Express.


1 Answer

You can plug in a basic-auth middleware (e.g. https://github.com/LionC/express-basic-auth) to protect the swagger-ui route. If you use express-basic-auth, make sure to set the challenge option in order to force the browser to open a prompt:

const basicAuth = require('express-basic-auth');

app.use("/api-docs",basicAuth({
    users: {'yourUser': 'yourPassword'},
    challenge: true,
}), swaggerUi.serve, swaggerUi.setup(swaggerDocument));
eol answered Nov 01 '22 02:11
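
What the challenge behaviour amounts to on the wire, as an added example that is not part of the answer above or of express-basic-auth: a dependency-free Express-style middleware that replies 401 with a WWW-Authenticate header and compares credentials in constant time. The names docsAuth and tryRequest are hypothetical, and the request/response objects are constructed stand-ins.

```javascript
// Added example: dependency-free stand-in for a Basic-auth gate on /api-docs.
const { createHash, timingSafeEqual } = require('node:crypto');

// Hash both sides to equal length so the compare is constant-time and
// timingSafeEqual never throws on a length mismatch.
function safeEqual(a, b) {
  const h = (s) => createHash('sha256').update(String(s)).digest();
  return timingSafeEqual(h(a), h(b));
}

// Parse "Authorization: Basic base64(user:pass)"; null when malformed.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':'); // the password may itself contain ':'
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Express-style middleware factory (hypothetical name). Pass credentials in
// from configuration, e.g. process.env, rather than hardcoding them.
function docsAuth({ user, pass, realm = 'api-docs' } = {}) {
  if (!user || !pass) throw new Error('docs credentials not configured');
  return function (req, res, next) {
    const creds = parseBasic(req.headers.authorization) || { user: '', pass: '' };
    const userOk = safeEqual(creds.user, user); // evaluate both, no short-circuit
    const passOk = safeEqual(creds.pass, pass);
    if (userOk && passOk) return next();
    // 401 plus this header is what makes the browser show its login prompt.
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', `Basic realm="${realm}"`);
    res.end('Unauthorized');
  };
}

// Constructed request/response stand-ins to exercise the gate offline.
function tryRequest(mw, authorization) {
  const out = { status: 200, headers: {}, passed: false };
  const req = { headers: authorization ? { authorization } : {} };
  const res = {
    set statusCode(v) { out.status = v; },
    setHeader(k, v) { out.headers[k.toLowerCase()] = v; },
    end() {},
  };
  mw(req, res, () => { out.passed = true; });
  return out;
}
```

It mounts in the same position as the middleware in the answer, ahead of swaggerUi.serve. Basic credentials are only base64-encoded in transit, so the route should be served over TLS.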